Powershell'in Karanlık Yüzü (The Dark Side of PowerShell)
Halil Dalabasmaz
My presentation "Powershell'in Karanlık Yüzü" (The Dark Side of PowerShell), which I gave at ISTSEC 2017.
1.
>_ Powershell'in Karanlık Yüzü (The Dark Side of PowerShell)
• Breaking into Systems, Traces Left Behind, Phant0m
2.
>_ whoami
• Halil DALABASMAZ
• Sr. Penetration Tester & Instructor @ BGA Security
• C|EH, OSCP, OSWP, OSCE
• artofpwn.com
• Twitter @hlldz
• Linkedin @hlldz
• Exploit-DB @Halil DALABASMAZ
3.
>_ Powershell
• A next-generation command-line application developed by Microsoft as an alternative to the Windows command line cmd.exe and Windows Script Host.
4.
>_ Powershell
5.
>_ The Dark Side
6.
>_ Why
• Signed, legitimate
• Installed by default
• Remote access over encrypted traffic
• Anti-forensic friendly
• Anti-application-whitelisting friendly
• Script-based malware immunity
• Easy to obfuscate
7.
>_ Execution Policy
• Restricted
• RemoteSigned
• AllSigned
• Unrestricted
• Bypass
8.
>_ Projects
• Powershell Empire
• PowerSploit
• Nishang
• PowerOPS
• p0wnedShell
• Inveigh
• Unicorn
9.
>_ Powershell > Powershell.exe
10.
>_ Traces Left Behind
• Registry
• Network Traffic
• Memory
• Prefetch
• Event Log
11.
>_ Registry
• Persistence
12.
>_ Network Traffic
• WinRM, Windows Remote Management
• Powershell Remoting
• HTTP 5985, HTTPS 5986
13.
>_ Memory
• Powershell Remoting?
• svchost.exe - DCOM Server Process
• DCOMLaunch
• C:\Windows\System32\wsmprovhost.exe
14.
>_ Prefetch
• C:\Windows\Prefetch
• *.pf
15.
>_ Windows Event Log
• Powershell 3.0+
• Windows PowerShell.evtx
• Microsoft-Windows-PowerShell%4Operational.evtx
• Microsoft-Windows-PowerShell%4Analytic.etl
• Microsoft-Windows-WinRM%4Operational.evtx
• Microsoft-Windows-WinRM%4Analytic.etl
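A defender-side check of the event log artifacts this slide lists, added here as an example; it is not part of the presentation or of any project the slides name. It assumes an elevated PowerShell 5.1 or later session on the Windows host being examined. The registry policy paths and the event IDs it uses (400, 403 and 800 in the classic Windows PowerShell log; 4103 and 4104 in the Operational log) are the standard Windows ones, not values taken from the slides.

```powershell
# Added example, not from the presentation: inventory PowerShell logging on this host
# and pull recent activity from the channels behind the .evtx files on the slide.
# Assumes an elevated PowerShell 5.1+ session on the examined Windows host.

# 0. A log can only hold evidence if the service writing it is alive.
Get-Service -Name EventLog | Select-Object Name, Status, StartType | Format-Table -AutoSize

# 1. Which logging policies feed Microsoft-Windows-PowerShell/Operational?
#    (standard Windows policy locations; no values here come from the slides)
$policyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'
$policies = @{
    ScriptBlockLogging = 'EnableScriptBlockLogging'   # event 4104: text of every script block run
    ModuleLogging      = 'EnableModuleLogging'        # event 4103: pipeline/module activity
    Transcription      = 'EnableTranscripting'        # over-the-shoulder transcripts on disk
}
foreach ($name in $policies.Keys) {
    $valueName = $policies[$name]
    $item = Get-ItemProperty -Path (Join-Path $policyRoot $name) -Name $valueName -ErrorAction SilentlyContinue
    $state = if ($null -eq $item) { 'not configured' } elseif ($item.$valueName -eq 1) { 'enabled' } else { 'disabled' }
    '{0,-20} {1}' -f $name, $state
}

# 2. Count recent events in the channels behind the files on the slide.
#    Windows PowerShell.evtx                        -> 'Windows PowerShell'
#    Microsoft-Windows-PowerShell%4Operational.evtx -> 'Microsoft-Windows-PowerShell/Operational'
#    Microsoft-Windows-WinRM%4Operational.evtx      -> 'Microsoft-Windows-WinRM/Operational'
#    The %4Analytic.etl channels are off by default and are left out here.
$since = (Get-Date).AddDays(-7)
$channels = [ordered]@{
    'Windows PowerShell'                       = @(400, 403, 800)  # engine start/stop, pipeline execution
    'Microsoft-Windows-PowerShell/Operational' = @(4103, 4104)     # module and script block logging
    'Microsoft-Windows-WinRM/Operational'      = $null              # any WinRM activity (Remoting over 5985/5986)
}
foreach ($log in $channels.Keys) {
    $filter = @{ LogName = $log; StartTime = $since }
    if ($channels[$log]) { $filter['Id'] = $channels[$log] }
    try   { $count = @(Get-WinEvent -FilterHashtable $filter -ErrorAction Stop).Count }
    catch { $count = 0 }   # "no events found" is raised as an error; an empty or cleared log is itself a finding
    '{0,-42} {1,6} events since {2:yyyy-MM-dd}' -f $log, $count, $since
}

# 3. Script block logging records what actually ran, even when the command line was
#    encoded or obfuscated. Show the latest blocks with the file they came from, if any.
$sbFilter = @{ LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104; StartTime = $since }
Get-WinEvent -FilterHashtable $sbFilter -MaxEvents 20 -ErrorAction SilentlyContinue |
    ForEach-Object {
        [pscustomobject]@{
            Time   = $_.TimeCreated
            Source = if ($_.Properties[4].Value) { $_.Properties[4].Value } else { '<no file: interactive or in-memory>' }
            Script = ($_.Properties[2].Value -split "`n")[0]   # first line of the logged block
        }
    } | Format-Table -AutoSize -Wrap
```

Step 0 and step 2 are the ones to read together: a stopped EventLog service, or a channel that shows zero events on a host that is clearly in use, is a gap worth investigating on its own, before any single event is examined. Step 3 only yields results where script block logging is enabled, which is why step 1 comes first.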
16.
>_ Phant0m
• Leaving no traces!?
• Windows Event Log
17.
>_ svchost.exe
18.
>_ Windows Event Log
19.
>_ Demo
• 1. .DOC (Macro)
• 2. MS16-032 LPE
• 3. Phant0m
• 4. Meterpreter